MSN: Gif File Buffer Overflow
This signature detects attempts to exploit a known vulnerability against NSN client. Attackers can send an excessively sized GIF file through the MSN Messenger's file transfer service, which can lead to a denial-of-service condition or allow remote code execution.
Extended Description
Microsoft MSN Messenger is prone to a remote buffer-overflow vulnerability when handling malformed Graphic Interchange Format (GIF) images. This may allow an attacker to gain unauthorized access to an affected computer by executing arbitrary code, reportedly resulting in system-level compromise. Specially crafted emoticons or display pictures are likely to be used in a client-to-client attack. Other attack vectors may exist as well. MSN Messenger 6.2 and MSN Messenger 7.0 beta are vulnerable.
Affected Products
Microsoft msn_messenger_service
References
BugTraq: 13114
CVE: CVE-2005-0562
URL: http://www.microsoft.com/technet/security/bulletin/MS05-022.mspx http://www.kb.cert.org/vuls/id/633446
Short Name
CHAT:MSN:GIF-OVERFLOW
Severity
Major
Recommended
False
Recommended Action
Drop
Category
CHAT
Keywords
Buffer CVE-2005-0562 File Gif Overflow bid:13114
Release Date
04/07/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
Port
TCP/6891-6900
False Positive
Unknown
Vendors
Microsoft
CVSS Score
7.5